Senior Manager - Segregation of Duties Identity and Access Governance Group Information Security at MTN

RESPONSIBILITIES

The The Senior Manager SOD Identity and Access Governance will have the following responsibilities:

Centre of Excellence (CoE) Establishment and Development:

• Establish and develop a Centre of Excellence for SoD/IAG, encompassing people, processes, and technology landscape.
• Lead, appoint, and manage the CoE team.
• Define the strategic vision, objectives, and roadmap for the CoE, aligned with organisational goals.
• Engage and coordinate operational structures/processes with the OPCOs.
• Foster a culture of continuous improvement and innovation within the CoE
• Manage general day-to-day team and operations.

Policy and Standards Alignment:

• Ensure alignment of SoD/ IAG processes, policies, and standards with industry good practices, regulations, and frameworks
• Develop and maintain a comprehensive SoD/IAG policies and standards framework.
• Regularly review and update policies to address emerging security risks and changing business needs.

Segregation of Duties (SoD) Management:

• Construct and implement SoD Application Standards to ensure proper access controls and separation of duties.
• Conduct risk analysis for SoD, identifying areas of vulnerability and driving the implementation of appropriate mitigation measures with the OPCOs.
• Facilitate self-assessments of SoD compliance within different departments or OPCOs and business units.
• Monitor and track SoD non-compliance and ensure timely remediation.

Technology Implementation and Management:

• Evaluate, select, and implement SoD/IAG technologies and tools that align with organisational requirements.
• Oversee the integration and utilization of SoD/IAG technologies, such as identity management and access control systems.
• Ensure the proper configuration, integration, maintenance, and monitoring of SoD/ IAG tools and systems.
• Present and obtain approvals from appropriate internal governance forums, including Architecture, Risk and Compliance, Security, and Technology functions.

Communication and Training:

• Develop and implement communication strategies to promote awareness and understanding of SoD/IAG across the organisation.
• Facilitate effective communication channels for reporting, escalation, and resolution of SoD/IAG-related issues.
• Conduct training programs and awareness sessions to educate employees on SoD/IAG policies, procedures, and best practices.

Compliance and Audit:

• Ensure compliance with relevant internal governance and compliance policies and standards, including Security, Risk and Compliance, and Technology
• Ensure compliance with relevant regulations, laws, and industry standards related to SoD/IAG.
• Collaborate with internal and external risk, compliance, and audit teams to support SoD/IAG audits and assessments.
• Support the remediation of audit findings and drive the implementation of appropriate mitigation measures with the OPCOs. 
• Performance Monitoring and Reporting:
• Establish key performance indicators (KPIs), key risk indicators (KRIs) and metrics to measure the effectiveness of SoD/IAG initiatives.
• Monitor and analyse SoD/IAG performance data, identify trends, and provide actionable insights.
• Generate regular reports and executive summaries to communicate SoD/IAG performance to relevant stakeholders.

Stakeholder Management:

• Collaborate with the CoE team and cross-functional teams to ensure alignment and cooperation on SoD/IAG initiatives.
• Engage with senior management and executive leadership to provide updates, seek support, and obtain approval for SoD/IAG initiatives.
• Manage third-party vendor contracts for SoD/IAM and SoD/IAG-related services, including negotiation and defining deliverables and performance metrics.
• Effectively manage stakeholders at various levels within the organisation, resolving issues, addressing concerns, and proactively communicating SoD/IAG initiatives and progress.

Financial Management:

• Effectively manage budgets for SoD/IAG initiatives, including cost estimation, financial planning, and expense tracking.

Service Level Agreements (SLAs):

• Ensure adherence to SLAs related to SoD/IAG services.

Collaboration 

Responsibility towards: 

Key customers: Group Information Security, Group Technology, Group Fintech, Group BRM & OPCOs

Key suppliers: Vendors/3rd parties, Relevant Industry Bodies 

Executive GIS, OPCO CEOs, Functional Heads (MFS & Fintech, Procurement, Legal)

Business Risk and Compliance − Partners, Distributors, Vendors

Law enforcement agencies and relevant third parties

QUALIFICATIONS

Education:

• Minimum of 4-year tertiary degree/diploma (Bachelor of Science, Technology, Engineering, or related field) 
• MBA or Masters advantageous
• English, French (an advantage)

Experience:

• 2-3 years of experience at the Senior Management level in the telecom industry
• 2-3 years of working experience in managing identity, access governance and segregation of duties in a large organisation, with a strong technical background
• A minimum of 5-7 years’ experience in designing and implementing an organisation-wide Segregation of Duties/Identity and Access Governance framework 
• Experience in managing and implementing large-scale identity and access governance projects.
• Experience working in Africa and have a grasp of political, social, and infrastructure challenges.
• Advanced working experience in the information technology environment of a telecom company 
• Experience in managing executive stakeholders and third-party vendors.